secrets: move transmission secret to agenix
parent
540968627c
commit
165b30ef9c
|
@ -142,7 +142,7 @@ in
|
||||||
transmission = {
|
transmission = {
|
||||||
enable = true;
|
enable = true;
|
||||||
username = "alarsyo";
|
username = "alarsyo";
|
||||||
password = secrets.transmission-password;
|
secretConfigFile = config.age.secrets."transmission/secret".path;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
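Review bot: The old `password = secrets.transmission-password;` handed the RPC password to the module as a plain Nix string, and the module section of this commit shows it was assigned to `rpc-password` in the service settings. The generated settings were therefore most likely written to the world-readable Nix store, where older generations would still hold them. If `transmission/secret.age` contains the same password, it should be rotated as part of this migration, because moving it to agenix only protects values written from now on. The enclosing attribute set starts and ends outside the hunk.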
|
@ -17,6 +17,10 @@
|
||||||
owner = "matrix-synapse";
|
owner = "matrix-synapse";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
"transmission/secret" = {
|
||||||
|
owner = "transmission";
|
||||||
|
};
|
||||||
|
|
||||||
"users/alarsyo-hashed-password" = {};
|
"users/alarsyo-hashed-password" = {};
|
||||||
"users/root-hashed-password" = {};
|
"users/root-hashed-password" = {};
|
||||||
};
|
};
|
||||||
|
|
|
@ -22,6 +22,8 @@ in
|
||||||
"restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
|
"restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
|
||||||
"restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ];
|
"restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ];
|
||||||
|
|
||||||
|
"transmission/secret.age".publicKeys = [ poseidon ];
|
||||||
|
|
||||||
"users/root-hashed-password.age".publicKeys = machines;
|
"users/root-hashed-password.age".publicKeys = machines;
|
||||||
"users/alarsyo-hashed-password.age".publicKeys = machines ++ [ alarsyo ];
|
"users/alarsyo-hashed-password.age".publicKeys = machines ++ [ alarsyo ];
|
||||||
}
|
}
|
||||||
|
|
BIN
modules/secrets/transmission/secret.age
Normal file
BIN
modules/secrets/transmission/secret.age
Normal file
Binary file not shown.
|
@ -11,7 +11,6 @@ in {
|
||||||
|
|
||||||
config.my.secrets = {
|
config.my.secrets = {
|
||||||
miniflux-admin-credentials = fileContents ./miniflux-admin-credentials.secret;
|
miniflux-admin-credentials = fileContents ./miniflux-admin-credentials.secret;
|
||||||
transmission-password = fileContents ./transmission.secret;
|
|
||||||
nextcloud-admin-pass = ./nextcloud-admin-pass.secret;
|
nextcloud-admin-pass = ./nextcloud-admin-pass.secret;
|
||||||
nextcloud-admin-user = fileContents ./nextcloud-admin-user.secret;
|
nextcloud-admin-user = fileContents ./nextcloud-admin-user.secret;
|
||||||
|
|
||||||
|
|
Binary file not shown.
|
@ -14,6 +14,7 @@ let
|
||||||
mkEnableOption
|
mkEnableOption
|
||||||
mkIf
|
mkIf
|
||||||
mkOption
|
mkOption
|
||||||
|
optionals
|
||||||
;
|
;
|
||||||
|
|
||||||
cfg = config.my.services.matrix;
|
cfg = config.my.services.matrix;
|
||||||
|
@ -46,7 +47,7 @@ in {
|
||||||
services.matrix-synapse = {
|
services.matrix-synapse = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
extraConfigFiles = lib.optionals (cfg.secretConfigFile != null) [
|
extraConfigFiles = optionals (cfg.secretConfigFile != null) [
|
||||||
cfg.secretConfigFile
|
cfg.secretConfigFile
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,7 @@ let
|
||||||
mkEnableOption
|
mkEnableOption
|
||||||
mkIf
|
mkIf
|
||||||
mkOption
|
mkOption
|
||||||
|
optionalAttrs
|
||||||
;
|
;
|
||||||
|
|
||||||
cfg = config.my.services.transmission;
|
cfg = config.my.services.transmission;
|
||||||
|
@ -27,10 +28,11 @@ in
|
||||||
description = "Name of the transmission RPC user";
|
description = "Name of the transmission RPC user";
|
||||||
};
|
};
|
||||||
|
|
||||||
password = mkOption {
|
secretConfigFile = mkOption {
|
||||||
type = types.str;
|
type = types.nullOr types.path;
|
||||||
example = "password";
|
default = null;
|
||||||
description = "Password of the transmission RPC user";
|
example = "/var/run/secrets/transmission-secrets";
|
||||||
|
description = "Path to secrets file to append to configuration";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -50,7 +52,6 @@ in
|
||||||
rpc-authentication-required = true;
|
rpc-authentication-required = true;
|
||||||
|
|
||||||
rpc-username = cfg.username;
|
rpc-username = cfg.username;
|
||||||
rpc-password = cfg.password;
|
|
||||||
|
|
||||||
rpc-whitelist-enabled = true;
|
rpc-whitelist-enabled = true;
|
||||||
rpc-whitelist = "127.0.0.1";
|
rpc-whitelist = "127.0.0.1";
|
||||||
|
@ -58,7 +59,9 @@ in
|
||||||
|
|
||||||
# automatically allow transmission.settings.peer-port
|
# automatically allow transmission.settings.peer-port
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
};
|
} // (optionalAttrs (cfg.secretConfigFile != null) {
|
||||||
|
credentialsFile = cfg.secretConfigFile;
|
||||||
|
});
|
||||||
|
|
||||||
services.nginx.virtualHosts."${webuiDomain}" = {
|
services.nginx.virtualHosts."${webuiDomain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|
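Review bot: With `default = null` on `secretConfigFile`, a host that enables the module without setting the option still gets `rpc-authentication-required = true` and `rpc-username`, but nothing supplies a password, because `credentialsFile` is only set when the option is non-null. I would either drop the default so evaluation fails when the path is missing, or add `assertions = [{ assertion = cfg.secretConfigFile != null; message = "my.services.transmission.secretConfigFile must be set"; }];` to the config block. The description could also state the expected format, for example `description = "Path to a JSON file merged into the settings, e.g. containing rpc-password";`, though that reading of `credentialsFile` comes from the upstream NixOS module and should be confirmed. The option and settings blocks start and end outside the hunks shown.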